<!DOCTYPE html>
<html lang="en-US">
  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width,initial-scale=1">
    <title>认证授权 | KCloud-Platform-Alibaba</title>
    <meta name="generator" content="VuePress 1.9.2">
    <link rel="icon" href="/img/favicon.ico">
    <meta name="description" content="一个基于VuePress的 知识管理&amp;博客 主题">
    <meta name="keywords" content="vuepress,theme,blog,vdoing">
    <meta name="theme-color" content="#11a8cd">
    
    <link rel="preload" href="/assets/css/0.styles.f1160bd0.css" as="style"><link rel="preload" href="/assets/js/app.c1130a26.js" as="script"><link rel="preload" href="/assets/js/2.4ec61f8d.js" as="script"><link rel="preload" href="/assets/js/16.284febc7.js" as="script"><link rel="prefetch" href="/assets/js/10.e3efb9c9.js"><link rel="prefetch" href="/assets/js/11.215e8173.js"><link rel="prefetch" href="/assets/js/12.e49aaa47.js"><link rel="prefetch" href="/assets/js/13.c0cadd0c.js"><link rel="prefetch" href="/assets/js/14.354c04aa.js"><link rel="prefetch" href="/assets/js/15.0ccb9393.js"><link rel="prefetch" href="/assets/js/17.f10e7f0d.js"><link rel="prefetch" href="/assets/js/18.3e728c4a.js"><link rel="prefetch" href="/assets/js/19.5a760622.js"><link rel="prefetch" href="/assets/js/3.cd68975a.js"><link rel="prefetch" href="/assets/js/4.1e281399.js"><link rel="prefetch" href="/assets/js/5.fa0f019a.js"><link rel="prefetch" href="/assets/js/6.d5489e3f.js"><link rel="prefetch" href="/assets/js/7.c3b0abd7.js"><link rel="prefetch" href="/assets/js/8.1acb47f0.js"><link rel="prefetch" href="/assets/js/9.e9e30dab.js">
    <link rel="stylesheet" href="/assets/css/0.styles.f1160bd0.css">
  </head>
  <body class="theme-mode-light">
    <div id="app" data-server-rendered="true"><div class="theme-container sidebar-open have-rightmenu"><header class="navbar blur"><div title="目录" class="sidebar-button"><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" role="img" viewBox="0 0 448 512" class="icon"><path fill="currentColor" d="M436 124H12c-6.627 0-12-5.373-12-12V80c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12zm0 160H12c-6.627 0-12-5.373-12-12v-32c0-6.627 5.373-12 12-12h424c6.627 0 12 5.373 12 12v32c0 6.627-5.373 12-12 12z"></path></svg></div> <a href="/" class="home-link router-link-active"><img src="/img/logo.png" alt="KCloud-Platform-Alibaba" class="logo"> <span class="site-name can-hide">KCloud-Platform-Alibaba</span></a> <div class="links"><div class="search-box"><input aria-label="Search" autocomplete="off" spellcheck="false" value=""> <!----></div> <nav class="nav-links can-hide"><div class="nav-item"><a href="/" class="nav-link">首页</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="指南" class="dropdown-title"><a href="/pages/a2f161/" class="link-title">指南</a> <span class="title" style="display:none;">指南</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>环境搭建</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/pages/a2f161/" class="nav-link">Centos7安装Mysql 8.0.33</a></li><li class="dropdown-subitem"><a href="/pages/90401a/" class="nav-link">Centos7安装Redis 7.0.11</a></li><li class="dropdown-subitem"><a href="/pages/0fb88c/" class="nav-link">Centos7安装RocketMQ 5.1.1</a></li><li class="dropdown-subitem"><a href="/pages/65acfd/" class="nav-link">Centos7安装Jdk 17.0.7</a></li><li class="dropdown-subitem"><a href="/pages/65acff/" class="nav-link">Centos7安装Docker 23.0.6</a></li><li class="dropdown-subitem"><a href="/pages/552b64/" class="nav-link">Docker安装RabbitMQ 3.12.2</a></li><li class="dropdown-subitem"><a href="/pages/d715cf/" class="nav-link">Centos7安装Elasticsearch 8.6.2</a></li></ul></li><li class="dropdown-item"><h4>快速上手</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/pages/10bfa2/" class="nav-link">一键部署</a></li><li class="dropdown-subitem"><a href="/pages/10bfa7/" class="nav-link">项目启动</a></li><li class="dropdown-subitem"><a href="/pages/192acb/" class="nav-link">API网关</a></li><li class="dropdown-subitem"><a href="/pages/36da89/" aria-current="page" class="nav-link router-link-exact-active router-link-active">认证授权</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">服务注册&amp;发现</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">配置中心</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">分布式事务</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">多级缓存</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">数据推送</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">消息队列</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">服务熔断&amp;降级</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">远程调用</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">链路跟踪</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">对象存储</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">日志分析</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">分布式锁</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">服务监控</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">读写分离&amp;分库分表</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">多数据源</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">数据库版本控制</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">持续集成&amp;交付</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">自动化部署</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">接口幂等性</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">接口安全</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">XSS攻击</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">统计报表</a></li><li class="dropdown-subitem"><a href="/pages/10bfa8/" class="nav-link">SSL证书</a></li></ul></li><li class="dropdown-item"><h4>系统设计</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/" class="nav-link">高可用设计</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">多租户设计</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">权限设计</a></li></ul></li><li class="dropdown-item"><h4>工具使用</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/" class="nav-link">Git使用</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">Maven使用</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">Docker使用</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">Jenkins使用</a></li></ul></li><li class="dropdown-item"><h4>第三方对接</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/" class="nav-link">微信公众号对接</a></li></ul></li><li class="dropdown-item"><h4>脚本使用</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/" class="nav-link">Linux shell脚本使用</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">Lua脚本使用</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">Window bat脚本使用</a></li></ul></li><li class="dropdown-item"><h4>技术分享</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/" class="nav-link">RocketMQ的冒险之旅（先占占位置）</a></li></ul></li><li class="dropdown-item"><h4>架构演进</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/" class="nav-link">老寇云平台架构演进（先占占位置）</a></li></ul></li></ul></div></div><div class="nav-item"><a href="/pages/1b12ed/" class="nav-link">赞助</a></div> <a href="https://github.com/KouShenhai/KCloud-Platform-Alibaba" target="_blank" rel="noopener noreferrer" class="repo-link">
    GitHub
    <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></nav></div></header> <div class="sidebar-mask"></div> <div class="sidebar-hover-trigger"></div> <aside class="sidebar" style="display:none;"><!----> <nav class="nav-links"><div class="nav-item"><a href="/" class="nav-link">首页</a></div><div class="nav-item"><div class="dropdown-wrapper"><button type="button" aria-label="指南" class="dropdown-title"><a href="/pages/a2f161/" class="link-title">指南</a> <span class="title" style="display:none;">指南</span> <span class="arrow right"></span></button> <ul class="nav-dropdown" style="display:none;"><li class="dropdown-item"><h4>环境搭建</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/pages/a2f161/" class="nav-link">Centos7安装Mysql 8.0.33</a></li><li class="dropdown-subitem"><a href="/pages/90401a/" class="nav-link">Centos7安装Redis 7.0.11</a></li><li class="dropdown-subitem"><a href="/pages/0fb88c/" class="nav-link">Centos7安装RocketMQ 5.1.1</a></li><li class="dropdown-subitem"><a href="/pages/65acfd/" class="nav-link">Centos7安装Jdk 17.0.7</a></li><li class="dropdown-subitem"><a href="/pages/65acff/" class="nav-link">Centos7安装Docker 23.0.6</a></li><li class="dropdown-subitem"><a href="/pages/552b64/" class="nav-link">Docker安装RabbitMQ 3.12.2</a></li><li class="dropdown-subitem"><a href="/pages/d715cf/" class="nav-link">Centos7安装Elasticsearch 8.6.2</a></li></ul></li><li class="dropdown-item"><h4>快速上手</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/pages/10bfa2/" class="nav-link">一键部署</a></li><li class="dropdown-subitem"><a href="/pages/10bfa7/" class="nav-link">项目启动</a></li><li class="dropdown-subitem"><a href="/pages/192acb/" class="nav-link">API网关</a></li><li class="dropdown-subitem"><a href="/pages/36da89/" aria-current="page" class="nav-link router-link-exact-active router-link-active">认证授权</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">服务注册&amp;发现</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">配置中心</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">分布式事务</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">多级缓存</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">数据推送</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">消息队列</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">服务熔断&amp;降级</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">远程调用</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">链路跟踪</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">对象存储</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">日志分析</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">分布式锁</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">服务监控</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">读写分离&amp;分库分表</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">多数据源</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">数据库版本控制</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">持续集成&amp;交付</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">自动化部署</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">接口幂等性</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">接口安全</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">XSS攻击</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">统计报表</a></li><li class="dropdown-subitem"><a href="/pages/10bfa8/" class="nav-link">SSL证书</a></li></ul></li><li class="dropdown-item"><h4>系统设计</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/" class="nav-link">高可用设计</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">多租户设计</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">权限设计</a></li></ul></li><li class="dropdown-item"><h4>工具使用</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/" class="nav-link">Git使用</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">Maven使用</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">Docker使用</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">Jenkins使用</a></li></ul></li><li class="dropdown-item"><h4>第三方对接</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/" class="nav-link">微信公众号对接</a></li></ul></li><li class="dropdown-item"><h4>脚本使用</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/" class="nav-link">Linux shell脚本使用</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">Lua脚本使用</a></li><li class="dropdown-subitem"><a href="/" class="nav-link">Window bat脚本使用</a></li></ul></li><li class="dropdown-item"><h4>技术分享</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/" class="nav-link">RocketMQ的冒险之旅（先占占位置）</a></li></ul></li><li class="dropdown-item"><h4>架构演进</h4> <ul class="dropdown-subitem-wrapper"><li class="dropdown-subitem"><a href="/" class="nav-link">老寇云平台架构演进（先占占位置）</a></li></ul></li></ul></div></div><div class="nav-item"><a href="/pages/1b12ed/" class="nav-link">赞助</a></div> <a href="https://github.com/KouShenhai/KCloud-Platform-Alibaba" target="_blank" rel="noopener noreferrer" class="repo-link">
    GitHub
    <span><svg xmlns="http://www.w3.org/2000/svg" aria-hidden="true" focusable="false" x="0px" y="0px" viewBox="0 0 100 100" width="15" height="15" class="icon outbound"><path fill="currentColor" d="M18.8,85.1h56l0,0c2.2,0,4-1.8,4-4v-32h-8v28h-48v-48h28v-8h-32l0,0c-2.2,0-4,1.8-4,4v56C14.8,83.3,16.6,85.1,18.8,85.1z"></path> <polygon fill="currentColor" points="45.7,48.7 51.3,54.3 77.2,28.5 77.2,37.2 85.2,37.2 85.2,14.9 62.8,14.9 62.8,22.9 71.5,22.9"></polygon></svg> <span class="sr-only">(opens new window)</span></span></a></nav>  <ul class="sidebar-links"><li><section class="sidebar-group depth-0"><p class="sidebar-heading"><span>环境搭建</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/pages/a2f161/" class="sidebar-link">Centos7安装Mysql 8.0.33</a></li><li><a href="/pages/90401a/" class="sidebar-link">Centos7安装Redis 7.0.11</a></li><li><a href="/pages/0fb88c/" class="sidebar-link">Centos7安装RocketMQ 5.1.1</a></li><li><a href="/pages/65acfd/" class="sidebar-link">Centos7安装Jdk 17.0.7</a></li><li><a href="/pages/65acff/" class="sidebar-link">Centos7安装Docker 23.0.6</a></li><li><a href="/pages/552b64/" class="sidebar-link">Docker安装RabbitMQ 3.12.2</a></li><li><a href="/pages/d715cf/" class="sidebar-link">Centos7安装Elasticsearch 8.6.2</a></li></ul></section></li><li><section class="sidebar-group depth-0"><p class="sidebar-heading open"><span>快速上手</span> <!----></p> <ul class="sidebar-links sidebar-group-items"><li><a href="/pages/10bfa2/" class="sidebar-link">一键部署</a></li><li><a href="/pages/10bfa7/" class="sidebar-link">项目启动</a></li><li><a href="/pages/192acb/" class="sidebar-link">API网关</a></li><li><a href="/pages/36da89/" aria-current="page" class="active sidebar-link">认证授权</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header level2"><a href="/pages/36da89/#spring-authorization-server" class="sidebar-link">Spring Authorization Server</a><ul class="sidebar-sub-headers"><li class="sidebar-sub-header level3"><a href="/pages/36da89/#简介" class="sidebar-link">简介</a></li><li class="sidebar-sub-header level3"><a href="/pages/36da89/#整体架构-表单登录流程" class="sidebar-link">整体架构（表单登录流程）</a></li><li class="sidebar-sub-header level3"><a href="/pages/36da89/#开发基于密码模式的认证服务器" class="sidebar-link">开发基于密码模式的认证服务器</a></li><li class="sidebar-sub-header level6"><a href="/pages/36da89/#引入依赖" class="sidebar-link">引入依赖</a></li><li class="sidebar-sub-header level6"><a href="/pages/36da89/#yaml核心配置" class="sidebar-link">yaml核心配置</a></li><li class="sidebar-sub-header level6"><a href="/pages/36da89/#核心代码" class="sidebar-link">核心代码</a></li><li class="sidebar-sub-header level6"><a href="/pages/36da89/#认证服务器配置" class="sidebar-link">认证服务器配置</a></li><li class="sidebar-sub-header level6"><a href="/pages/36da89/#资源放行" class="sidebar-link">资源放行</a></li></ul></li></ul></li><li><a href="/pages/10bfa8/" class="sidebar-link">SSL证书</a></li></ul></section></li></ul> </aside> <div><main class="page"><div class="theme-vdoing-wrapper "><div class="articleInfo-wrap" data-v-06225672><div class="articleInfo" data-v-06225672><ul class="breadcrumbs" data-v-06225672><li data-v-06225672><a href="/" title="首页" class="iconfont icon-home router-link-active" data-v-06225672></a></li> <li data-v-06225672><span data-v-06225672>指南</span></li><li data-v-06225672><span data-v-06225672>快速上手</span></li></ul> <div class="info" data-v-06225672><div title="作者" class="author iconfont icon-touxiang" data-v-06225672><a href="https://github.com/KouShenhai" target="_blank" title="作者" class="beLink" data-v-06225672>KCloud-Platform-Alibaba</a></div> <div title="创建时间" class="date iconfont icon-riqi" data-v-06225672><a href="javascript:;" data-v-06225672>2023-09-26</a></div> <!----></div></div></div> <!----> <div class="content-wrapper"><div class="right-menu-wrapper"><div class="right-menu-margin"><div class="right-menu-title">目录</div> <div class="right-menu-content"></div></div></div> <h1><img src="">认证授权<!----></h1>  <div class="theme-vdoing-content content__default"><p>你好呀，我的老朋友！我是老寇，欢迎来到老寇云平台！<br>
以下内容来源于官网及自己的理解，可以放心食用</p> <h2 id="spring-authorization-server"><a href="#spring-authorization-server" class="header-anchor">#</a> Spring Authorization Server</h2> <p><a href="https://docs.spring.io/spring-authorization-server/docs/current/reference/html/index.html">官网地址</a></p> <h3 id="简介"><a href="#简介" class="header-anchor">#</a> 简介</h3> <p><code>Spring Authorization Server</code> 是一个框架，提供 OAuth 2.1 和 OpenID Connect 1.0 规范以及其他相关规范的实现。
它建立在 Spring Security 之上，为构建 OpenID Connect 1.0 身份提供程序和 OAuth2 授权服务器产品提供了一个安全、轻量级和可定制的基础。
账号密码</p> <h3 id="整体架构-表单登录流程"><a href="#整体架构-表单登录流程" class="header-anchor">#</a> 整体架构（表单登录流程）</h3> <p>因为是构建在Spring Security之上，它的认证流程，说白了就是Spring Security的认证流程</p> <h3 id="开发基于密码模式的认证服务器"><a href="#开发基于密码模式的认证服务器" class="header-anchor">#</a> 开发基于密码模式的认证服务器</h3> <h6 id="引入依赖"><a href="#引入依赖" class="header-anchor">#</a> 引入依赖</h6> <div class="language-xml extra-class"><pre class="language-xml"><code><span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>dependencies</span><span class="token punctuation">&gt;</span></span>
    <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>dependency</span><span class="token punctuation">&gt;</span></span>
        <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>groupId</span><span class="token punctuation">&gt;</span></span>org.springframework.security<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>groupId</span><span class="token punctuation">&gt;</span></span>
        <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>artifactId</span><span class="token punctuation">&gt;</span></span>spring-security-oauth2-authorization-server<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>artifactId</span><span class="token punctuation">&gt;</span></span>
    <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>dependency</span><span class="token punctuation">&gt;</span></span>
    <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>dependency</span><span class="token punctuation">&gt;</span></span>
        <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>groupId</span><span class="token punctuation">&gt;</span></span>org.springframework.security<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>groupId</span><span class="token punctuation">&gt;</span></span>
        <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>artifactId</span><span class="token punctuation">&gt;</span></span>spring-security-oauth2-jose<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>artifactId</span><span class="token punctuation">&gt;</span></span>
    <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>dependency</span><span class="token punctuation">&gt;</span></span>
    <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>dependency</span><span class="token punctuation">&gt;</span></span>
        <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>groupId</span><span class="token punctuation">&gt;</span></span>org.springframework.boot<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>groupId</span><span class="token punctuation">&gt;</span></span>
        <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>artifactId</span><span class="token punctuation">&gt;</span></span>spring-boot-starter-security<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>artifactId</span><span class="token punctuation">&gt;</span></span>
    <span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>dependency</span><span class="token punctuation">&gt;</span></span>
<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>dependencies</span><span class="token punctuation">&gt;</span></span>
</code></pre></div><h6 id="yaml核心配置"><a href="#yaml核心配置" class="header-anchor">#</a> yaml核心配置</h6> <div class="language-yaml extra-class"><pre class="language-yaml"><code><span class="token key atrule">spring</span><span class="token punctuation">:</span>
  <span class="token comment"># OAuth2</span>
  <span class="token key atrule">security</span><span class="token punctuation">:</span>
    <span class="token key atrule">oauth2</span><span class="token punctuation">:</span>
      <span class="token key atrule">authorization-server</span><span class="token punctuation">:</span>
        <span class="token key atrule">enabled</span><span class="token punctuation">:</span> <span class="token boolean important">true</span>
        <span class="token key atrule">token</span><span class="token punctuation">:</span>
          <span class="token key atrule">authorization-code-time-to-live</span><span class="token punctuation">:</span> 1h
          <span class="token key atrule">access-token-time-to-live</span><span class="token punctuation">:</span> 1h
          <span class="token key atrule">refresh-token-time-to-live</span><span class="token punctuation">:</span> 6h
        <span class="token key atrule">client</span><span class="token punctuation">:</span>
          <span class="token key atrule">require-authorization-consent</span><span class="token punctuation">:</span> <span class="token boolean important">true</span>
        <span class="token key atrule">registration</span><span class="token punctuation">:</span>
          <span class="token key atrule">id</span><span class="token punctuation">:</span> 95TxSsTPFA3tF12TBSMmUVK0da
          <span class="token key atrule">client-id</span><span class="token punctuation">:</span> 95TxSsTPFA3tF12TBSMmUVK0da
          <span class="token key atrule">client-name</span><span class="token punctuation">:</span> OAuth2.1认证
          <span class="token key atrule">client-secret</span><span class="token punctuation">:</span> <span class="token string">&quot;{bcrypt}$2a$10$BDcxgmL3WYk7G.QEDTqlBeSudNlV3KUU/V6iC.hKlAbGAC.jbX2fO&quot;</span>
          <span class="token key atrule">client-authentication-methods</span><span class="token punctuation">:</span>
            <span class="token punctuation">-</span> client_secret_basic
          <span class="token key atrule">authorization-grant-types</span><span class="token punctuation">:</span>
            <span class="token punctuation">-</span> password
            <span class="token punctuation">-</span> mail
            <span class="token punctuation">-</span> mobile
            <span class="token punctuation">-</span> client_credentials
            <span class="token punctuation">-</span> refresh_token
            <span class="token punctuation">-</span> authorization_code
            <span class="token punctuation">-</span> urn<span class="token punctuation">:</span>ietf<span class="token punctuation">:</span>params<span class="token punctuation">:</span>oauth<span class="token punctuation">:</span>grant<span class="token punctuation">-</span>type<span class="token punctuation">:</span>device_code
            <span class="token punctuation">-</span> urn<span class="token punctuation">:</span>ietf<span class="token punctuation">:</span>params<span class="token punctuation">:</span>oauth<span class="token punctuation">:</span>grant<span class="token punctuation">-</span>type<span class="token punctuation">:</span>jwt<span class="token punctuation">-</span>bearer
          <span class="token key atrule">scopes</span><span class="token punctuation">:</span>
            <span class="token punctuation">-</span> password
            <span class="token punctuation">-</span> mail
            <span class="token punctuation">-</span> mobile
            <span class="token punctuation">-</span> openid
          <span class="token key atrule">redirect-uris</span><span class="token punctuation">:</span>
            <span class="token punctuation">-</span> http<span class="token punctuation">:</span>//127.0.0.1<span class="token punctuation">:</span><span class="token number">8000</span>
            <span class="token punctuation">-</span> http<span class="token punctuation">:</span>//127.0.0.1<span class="token punctuation">:</span><span class="token number">8001</span>
          <span class="token key atrule">post-logout-redirect-uris</span><span class="token punctuation">:</span>
            <span class="token punctuation">-</span> http<span class="token punctuation">:</span>//127.0.0.1<span class="token punctuation">:</span><span class="token number">8000</span>
            <span class="token punctuation">-</span> http<span class="token punctuation">:</span>//127.0.0.1<span class="token punctuation">:</span><span class="token number">8001</span>
        <span class="token key atrule">request-matcher</span><span class="token punctuation">:</span>
          <span class="token key atrule">patterns</span><span class="token punctuation">:</span>
            <span class="token punctuation">-</span> /v3/api<span class="token punctuation">-</span>docs/<span class="token important">**</span>
            <span class="token punctuation">-</span> /swagger<span class="token punctuation">-</span>ui.html
            <span class="token punctuation">-</span> /swagger<span class="token punctuation">-</span>ui/<span class="token important">**</span>
            <span class="token punctuation">-</span> /actuator/<span class="token important">**</span>
            <span class="token punctuation">-</span> /error
</code></pre></div><h6 id="核心代码"><a href="#核心代码" class="header-anchor">#</a> 核心代码</h6> <div class="language-java extra-class"><pre class="language-java"><code><span class="token comment">/**
 * {@link org.springframework.boot.autoconfigure.security.oauth2.server.servlet.OAuth2AuthorizationServerProperties}
 * {@link ConfigurationSettingNames}
 */</span>
<span class="token annotation punctuation">@Data</span>
<span class="token annotation punctuation">@Component</span>
<span class="token annotation punctuation">@ConfigurationProperties</span><span class="token punctuation">(</span>prefix <span class="token operator">=</span> <span class="token class-name">OAuth2AuthorizationServerProperties</span><span class="token punctuation">.</span><span class="token constant">PREFIX</span><span class="token punctuation">)</span>
<span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">OAuth2AuthorizationServerProperties</span> <span class="token keyword">implements</span> <span class="token class-name">InitializingBean</span> <span class="token punctuation">{</span>

	<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token keyword">final</span> <span class="token class-name">String</span> <span class="token constant">PREFIX</span> <span class="token operator">=</span> <span class="token string">&quot;spring.security.oauth2.authorization-server&quot;</span><span class="token punctuation">;</span>

	<span class="token keyword">private</span> <span class="token keyword">boolean</span> enabled <span class="token operator">=</span> <span class="token boolean">true</span><span class="token punctuation">;</span>

	<span class="token keyword">private</span> <span class="token class-name">Token</span> token<span class="token punctuation">;</span>

	<span class="token keyword">private</span> <span class="token class-name">Client</span> client<span class="token punctuation">;</span>

	<span class="token keyword">private</span> <span class="token class-name">Registration</span> registration<span class="token punctuation">;</span>

	<span class="token keyword">private</span> <span class="token class-name">RequestMatcher</span> requestMatcher<span class="token punctuation">;</span>

	<span class="token annotation punctuation">@Override</span>
	<span class="token keyword">public</span> <span class="token keyword">void</span> <span class="token function">afterPropertiesSet</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
		<span class="token function">validateRegistration</span><span class="token punctuation">(</span><span class="token function">getRegistration</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
	<span class="token punctuation">}</span>

	<span class="token keyword">private</span> <span class="token keyword">void</span> <span class="token function">validateRegistration</span><span class="token punctuation">(</span><span class="token class-name">Registration</span> registration<span class="token punctuation">)</span> <span class="token punctuation">{</span>
		<span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token class-name">StringUtil</span><span class="token punctuation">.</span><span class="token function">isEmpty</span><span class="token punctuation">(</span>registration<span class="token punctuation">.</span>clientId<span class="token punctuation">)</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
			<span class="token keyword">throw</span> <span class="token keyword">new</span> <span class="token class-name">IllegalStateException</span><span class="token punctuation">(</span><span class="token string">&quot;客户端ID不能为空&quot;</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token punctuation">}</span>
		<span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token class-name">CollectionUtil</span><span class="token punctuation">.</span><span class="token function">isEmpty</span><span class="token punctuation">(</span>registration<span class="token punctuation">.</span>clientAuthenticationMethods<span class="token punctuation">)</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
			<span class="token keyword">throw</span> <span class="token keyword">new</span> <span class="token class-name">IllegalStateException</span><span class="token punctuation">(</span><span class="token string">&quot;客户端身份验证方法不能为空&quot;</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token punctuation">}</span>
		<span class="token keyword">if</span> <span class="token punctuation">(</span><span class="token class-name">CollectionUtil</span><span class="token punctuation">.</span><span class="token function">isEmpty</span><span class="token punctuation">(</span>registration<span class="token punctuation">.</span>authorizationGrantTypes<span class="token punctuation">)</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
			<span class="token keyword">throw</span> <span class="token keyword">new</span> <span class="token class-name">IllegalStateException</span><span class="token punctuation">(</span><span class="token string">&quot;授权认证类型不能为空&quot;</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token punctuation">}</span>
	<span class="token punctuation">}</span>

	<span class="token annotation punctuation">@Data</span>
	<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token keyword">class</span> <span class="token class-name">Token</span> <span class="token punctuation">{</span>

		<span class="token comment">/**
		 * Set the time-to-live for a refresh token.
		 */</span>
		<span class="token keyword">private</span> <span class="token class-name">Duration</span> refreshTokenTimeToLive<span class="token punctuation">;</span>

		<span class="token comment">/**
		 * Set the time-to-live for an access token.
		 */</span>
		<span class="token keyword">private</span> <span class="token class-name">Duration</span> accessTokenTimeToLive<span class="token punctuation">;</span>

		<span class="token comment">/**
		 * Set the time-to-live for an authorization code.
		 */</span>
		<span class="token keyword">private</span> <span class="token class-name">Duration</span> authorizationCodeTimeToLive<span class="token punctuation">;</span>

	<span class="token punctuation">}</span>

	<span class="token annotation punctuation">@Data</span>
	<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token keyword">class</span> <span class="token class-name">Client</span> <span class="token punctuation">{</span>

		<span class="token comment">/**
		 * Set to {@code true} if authorization consent is required when the client
		 * requests access. This applies to all interactive flows (e.g.
		 * {@code authorization_code} and {@code device_code}).
		 */</span>
		<span class="token keyword">private</span> <span class="token keyword">boolean</span> requireAuthorizationConsent<span class="token punctuation">;</span>

	<span class="token punctuation">}</span>

	<span class="token comment">/**
	 * {@link RegisteredClient}
	 */</span>
	<span class="token annotation punctuation">@Data</span>
	<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token keyword">class</span> <span class="token class-name">Registration</span> <span class="token punctuation">{</span>

		<span class="token keyword">private</span> <span class="token class-name">String</span> id<span class="token punctuation">;</span>

		<span class="token keyword">private</span> <span class="token class-name">String</span> clientId<span class="token punctuation">;</span>

		<span class="token keyword">private</span> <span class="token class-name">String</span> clientName<span class="token punctuation">;</span>

		<span class="token keyword">private</span> <span class="token class-name">String</span> clientSecret<span class="token punctuation">;</span>

		<span class="token keyword">private</span> <span class="token class-name">Set</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">String</span><span class="token punctuation">&gt;</span></span> clientAuthenticationMethods<span class="token punctuation">;</span>

		<span class="token keyword">private</span> <span class="token class-name">Set</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">String</span><span class="token punctuation">&gt;</span></span> authorizationGrantTypes<span class="token punctuation">;</span>

		<span class="token keyword">private</span> <span class="token class-name">Set</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">String</span><span class="token punctuation">&gt;</span></span> scopes<span class="token punctuation">;</span>

		<span class="token keyword">private</span> <span class="token class-name">Set</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">String</span><span class="token punctuation">&gt;</span></span> redirectUris<span class="token punctuation">;</span>

		<span class="token keyword">private</span> <span class="token class-name">Set</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">String</span><span class="token punctuation">&gt;</span></span> postLogoutRedirectUris<span class="token punctuation">;</span>

	<span class="token punctuation">}</span>

	<span class="token annotation punctuation">@Data</span>
	<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token keyword">class</span> <span class="token class-name">RequestMatcher</span> <span class="token punctuation">{</span>

		<span class="token keyword">private</span> <span class="token class-name">Set</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">String</span><span class="token punctuation">&gt;</span></span> patterns<span class="token punctuation">;</span>

	<span class="token punctuation">}</span>

<span class="token punctuation">}</span>
</code></pre></div><h6 id="认证服务器配置"><a href="#认证服务器配置" class="header-anchor">#</a> 认证服务器配置</h6> <div class="language-java extra-class"><pre class="language-java"><code><span class="token comment">/**
 * 自动装配JWKSource {@link OAuth2AuthorizationServerJwtAutoConfiguration}
 */</span>
<span class="token annotation punctuation">@Configuration</span>
<span class="token annotation punctuation">@ConditionalOnProperty</span><span class="token punctuation">(</span>havingValue <span class="token operator">=</span> <span class="token string">&quot;true&quot;</span><span class="token punctuation">,</span> matchIfMissing <span class="token operator">=</span> <span class="token boolean">true</span><span class="token punctuation">,</span> prefix <span class="token operator">=</span> <span class="token class-name">OAuth2AuthorizationServerProperties</span><span class="token punctuation">.</span><span class="token constant">PREFIX</span><span class="token punctuation">,</span>
		name <span class="token operator">=</span> <span class="token string">&quot;enabled&quot;</span><span class="token punctuation">)</span>
<span class="token annotation punctuation">@ConditionalOnWebApplication</span><span class="token punctuation">(</span>type <span class="token operator">=</span> <span class="token class-name">ConditionalOnWebApplication<span class="token punctuation">.</span>Type</span><span class="token punctuation">.</span><span class="token constant">SERVLET</span><span class="token punctuation">)</span>
<span class="token keyword">class</span> <span class="token class-name">OAuth2AuthorizationServerConfig</span> <span class="token punctuation">{</span>

	<span class="token comment">/**
	 * OAuth2AuthorizationServer核心配置
	 * @param http http
	 * @param passwordAuthenticationProvider 密码认证Provider
	 * @param mailAuthenticationProvider 邮箱认证Provider
	 * @param mobileAuthenticationProvider 手机号认证Provider
	 * @param authorizationServerSettings OAuth2配置
	 * @param authorizationService 认证配置
	 * @return SecurityFilterChain
	 * @throws Exception Exception
	 */</span>
	<span class="token annotation punctuation">@Bean</span>
	<span class="token annotation punctuation">@Order</span><span class="token punctuation">(</span><span class="token class-name">Ordered</span><span class="token punctuation">.</span><span class="token constant">HIGHEST_PRECEDENCE</span><span class="token punctuation">)</span>
	<span class="token class-name">SecurityFilterChain</span> <span class="token function">authorizationServerSecurityFilterChain</span><span class="token punctuation">(</span><span class="token class-name">HttpSecurity</span> http<span class="token punctuation">,</span>
			<span class="token class-name">OAuth2PasswordAuthenticationProvider</span> passwordAuthenticationProvider<span class="token punctuation">,</span>
			<span class="token class-name">OAuth2MailAuthenticationProvider</span> mailAuthenticationProvider<span class="token punctuation">,</span>
			<span class="token class-name">OAuth2MobileAuthenticationProvider</span> mobileAuthenticationProvider<span class="token punctuation">,</span>
			<span class="token class-name">AuthorizationServerSettings</span> authorizationServerSettings<span class="token punctuation">,</span> <span class="token class-name">OAuth2AuthorizationService</span> authorizationService<span class="token punctuation">)</span>
			<span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
		<span class="token comment">// https://docs.spring.io/spring-authorization-server/docs/current/reference/html/configuration-model.html</span>
		<span class="token class-name">OAuth2AuthorizationServerConfiguration</span><span class="token punctuation">.</span><span class="token function">applyDefaultSecurity</span><span class="token punctuation">(</span>http<span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token class-name">OAuth2AuthorizationServerConfigurer</span> oAuth2AuthorizationServerConfigurer <span class="token operator">=</span> http
				<span class="token punctuation">.</span><span class="token function">getConfigurer</span><span class="token punctuation">(</span><span class="token class-name">OAuth2AuthorizationServerConfigurer</span><span class="token punctuation">.</span><span class="token keyword">class</span><span class="token punctuation">)</span>
				<span class="token comment">// https://docs.spring.io/spring-authorization-server/docs/current/reference/html/protocol-endpoints.html#oauth2-token-endpoint</span>
				<span class="token punctuation">.</span><span class="token function">tokenEndpoint</span><span class="token punctuation">(</span><span class="token punctuation">(</span>tokenEndpoint<span class="token punctuation">)</span> <span class="token operator">-&gt;</span> tokenEndpoint
						<span class="token punctuation">.</span><span class="token function">accessTokenRequestConverter</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">DelegatingAuthenticationConverter</span><span class="token punctuation">(</span><span class="token class-name">List</span><span class="token punctuation">.</span><span class="token function">of</span><span class="token punctuation">(</span>
								<span class="token keyword">new</span> <span class="token class-name">OAuth2MailAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span> <span class="token keyword">new</span> <span class="token class-name">OAuth2PasswordAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">OAuth2DeviceCodeAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">OAuth2MobileAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">OAuth2AuthorizationCodeAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">OAuth2ClientCredentialsAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">OAuth2RefreshTokenAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">OAuth2TokenIntrospectionAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">OAuth2TokenRevocationAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">PublicClientAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span> <span class="token keyword">new</span> <span class="token class-name">OidcLogoutAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">OidcClientRegistrationAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">ClientSecretBasicAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">ClientSecretPostAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">OAuth2AuthorizationConsentAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">OAuth2DeviceAuthorizationConsentAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">OAuth2DeviceAuthorizationRequestAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">OAuth2DeviceVerificationAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">JwtClientAssertionAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
								<span class="token keyword">new</span> <span class="token class-name">OAuth2AuthorizationCodeRequestAuthenticationConverter</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
						<span class="token punctuation">.</span><span class="token function">authenticationProvider</span><span class="token punctuation">(</span>passwordAuthenticationProvider<span class="token punctuation">)</span>
						<span class="token punctuation">.</span><span class="token function">authenticationProvider</span><span class="token punctuation">(</span>mobileAuthenticationProvider<span class="token punctuation">)</span>
						<span class="token punctuation">.</span><span class="token function">authenticationProvider</span><span class="token punctuation">(</span>mailAuthenticationProvider<span class="token punctuation">)</span><span class="token punctuation">)</span>
				<span class="token punctuation">.</span><span class="token function">oidc</span><span class="token punctuation">(</span><span class="token class-name">Customizer</span><span class="token punctuation">.</span><span class="token function">withDefaults</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">authorizationService</span><span class="token punctuation">(</span>authorizationService<span class="token punctuation">)</span>
				<span class="token punctuation">.</span><span class="token function">authorizationServerSettings</span><span class="token punctuation">(</span>authorizationServerSettings<span class="token punctuation">)</span><span class="token punctuation">;</span>
		http<span class="token punctuation">.</span><span class="token function">apply</span><span class="token punctuation">(</span>oAuth2AuthorizationServerConfigurer<span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token keyword">return</span> http<span class="token punctuation">.</span><span class="token function">exceptionHandling</span><span class="token punctuation">(</span>
				configurer <span class="token operator">-&gt;</span> configurer<span class="token punctuation">.</span><span class="token function">authenticationEntryPoint</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">LoginUrlAuthenticationEntryPoint</span><span class="token punctuation">(</span><span class="token constant">LOGIN_PATTERN</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
				<span class="token punctuation">.</span><span class="token function">build</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
	<span class="token punctuation">}</span>

	<span class="token comment">/**
	 * 注册信息
	 * @param properties 配置
	 * @param jdbcTemplate JDBC模板
	 * @return RegisteredClientRepository
	 */</span>
	<span class="token annotation punctuation">@Bean</span>
	<span class="token annotation punctuation">@ConditionalOnMissingBean</span><span class="token punctuation">(</span><span class="token class-name">RegisteredClientRepository</span><span class="token punctuation">.</span><span class="token keyword">class</span><span class="token punctuation">)</span>
	<span class="token class-name">RegisteredClientRepository</span> <span class="token function">registeredClientRepository</span><span class="token punctuation">(</span><span class="token class-name">JdbcTemplate</span> jdbcTemplate<span class="token punctuation">,</span>
			<span class="token class-name">OAuth2AuthorizationServerProperties</span> properties<span class="token punctuation">)</span> <span class="token punctuation">{</span>
		<span class="token class-name">OAuth2AuthorizationServerProperties<span class="token punctuation">.</span>Client</span> client <span class="token operator">=</span> properties<span class="token punctuation">.</span><span class="token function">getClient</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token class-name">OAuth2AuthorizationServerProperties<span class="token punctuation">.</span>Token</span> token <span class="token operator">=</span> properties<span class="token punctuation">.</span><span class="token function">getToken</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token class-name">OAuth2AuthorizationServerProperties<span class="token punctuation">.</span>Registration</span> registration <span class="token operator">=</span> properties<span class="token punctuation">.</span><span class="token function">getRegistration</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token class-name">RegisteredClient<span class="token punctuation">.</span>Builder</span> registrationBuilder <span class="token operator">=</span> <span class="token class-name">RegisteredClient</span><span class="token punctuation">.</span><span class="token function">withId</span><span class="token punctuation">(</span>registration<span class="token punctuation">.</span><span class="token function">getId</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token class-name">TokenSettings<span class="token punctuation">.</span>Builder</span> tokenBuilder <span class="token operator">=</span> <span class="token class-name">TokenSettings</span><span class="token punctuation">.</span><span class="token function">builder</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token class-name">ClientSettings<span class="token punctuation">.</span>Builder</span> clientBuilder <span class="token operator">=</span> <span class="token class-name">ClientSettings</span><span class="token punctuation">.</span><span class="token function">builder</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token class-name">PropertyMapper</span> map <span class="token operator">=</span> <span class="token class-name">PropertyMapper</span><span class="token punctuation">.</span><span class="token function">get</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">alwaysApplyingWhenNonNull</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token comment">// 令牌 =&gt; JWT配置</span>
		map<span class="token punctuation">.</span><span class="token function">from</span><span class="token punctuation">(</span>token<span class="token operator">::</span><span class="token function">getAccessTokenTimeToLive</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token keyword">to</span><span class="token punctuation">(</span>tokenBuilder<span class="token operator">::</span><span class="token function">accessTokenTimeToLive</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		map<span class="token punctuation">.</span><span class="token function">from</span><span class="token punctuation">(</span>token<span class="token operator">::</span><span class="token function">getRefreshTokenTimeToLive</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token keyword">to</span><span class="token punctuation">(</span>tokenBuilder<span class="token operator">::</span><span class="token function">refreshTokenTimeToLive</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		map<span class="token punctuation">.</span><span class="token function">from</span><span class="token punctuation">(</span>token<span class="token operator">::</span><span class="token function">getAuthorizationCodeTimeToLive</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token keyword">to</span><span class="token punctuation">(</span>tokenBuilder<span class="token operator">::</span><span class="token function">authorizationCodeTimeToLive</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token comment">// 客户端配置，包括验证密钥或需要授权页面</span>
		map<span class="token punctuation">.</span><span class="token function">from</span><span class="token punctuation">(</span>client<span class="token operator">::</span><span class="token function">isRequireAuthorizationConsent</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token keyword">to</span><span class="token punctuation">(</span>clientBuilder<span class="token operator">::</span><span class="token function">requireAuthorizationConsent</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token comment">// 注册</span>
		<span class="token comment">// Base64编码</span>
		<span class="token comment">// ClientAuthenticationMethod.CLIENT_SECRET_BASIC =&gt; client_id:client_secret</span>
		map<span class="token punctuation">.</span><span class="token function">from</span><span class="token punctuation">(</span>registration<span class="token operator">::</span><span class="token function">getClientId</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token keyword">to</span><span class="token punctuation">(</span>registrationBuilder<span class="token operator">::</span><span class="token function">clientId</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		map<span class="token punctuation">.</span><span class="token function">from</span><span class="token punctuation">(</span>registration<span class="token operator">::</span><span class="token function">getClientName</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token keyword">to</span><span class="token punctuation">(</span>registrationBuilder<span class="token operator">::</span><span class="token function">clientName</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		map<span class="token punctuation">.</span><span class="token function">from</span><span class="token punctuation">(</span>registration<span class="token operator">::</span><span class="token function">getClientSecret</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token keyword">to</span><span class="token punctuation">(</span>registrationBuilder<span class="token operator">::</span><span class="token function">clientSecret</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		registration<span class="token punctuation">.</span><span class="token function">getClientAuthenticationMethods</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
				<span class="token punctuation">.</span><span class="token function">forEach</span><span class="token punctuation">(</span>clientAuthenticationMethod <span class="token operator">-&gt;</span> map<span class="token punctuation">.</span><span class="token function">from</span><span class="token punctuation">(</span>clientAuthenticationMethod<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">whenNonNull</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
						<span class="token punctuation">.</span><span class="token function">as</span><span class="token punctuation">(</span><span class="token class-name">ClientAuthenticationMethod</span><span class="token operator">::</span><span class="token keyword">new</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token keyword">to</span><span class="token punctuation">(</span>registrationBuilder<span class="token operator">::</span><span class="token function">clientAuthenticationMethod</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		registration<span class="token punctuation">.</span><span class="token function">getAuthorizationGrantTypes</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">forEach</span><span class="token punctuation">(</span>authorizationGrantType <span class="token operator">-&gt;</span> map<span class="token punctuation">.</span><span class="token function">from</span><span class="token punctuation">(</span>authorizationGrantType<span class="token punctuation">)</span>
				<span class="token punctuation">.</span><span class="token function">whenNonNull</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">as</span><span class="token punctuation">(</span><span class="token class-name">AuthorizationGrantType</span><span class="token operator">::</span><span class="token keyword">new</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token keyword">to</span><span class="token punctuation">(</span>registrationBuilder<span class="token operator">::</span><span class="token function">authorizationGrantType</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		registration<span class="token punctuation">.</span><span class="token function">getScopes</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">forEach</span><span class="token punctuation">(</span>scope <span class="token operator">-&gt;</span> map<span class="token punctuation">.</span><span class="token function">from</span><span class="token punctuation">(</span>scope<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">whenNonNull</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token keyword">to</span><span class="token punctuation">(</span>registrationBuilder<span class="token operator">::</span><span class="token function">scope</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		registration<span class="token punctuation">.</span><span class="token function">getRedirectUris</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
				<span class="token punctuation">.</span><span class="token function">forEach</span><span class="token punctuation">(</span>redirectUri <span class="token operator">-&gt;</span> map<span class="token punctuation">.</span><span class="token function">from</span><span class="token punctuation">(</span>redirectUri<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">whenNonNull</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token keyword">to</span><span class="token punctuation">(</span>registrationBuilder<span class="token operator">::</span><span class="token function">redirectUri</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		registration<span class="token punctuation">.</span><span class="token function">getPostLogoutRedirectUris</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">forEach</span><span class="token punctuation">(</span>
				redirectUri <span class="token operator">-&gt;</span> map<span class="token punctuation">.</span><span class="token function">from</span><span class="token punctuation">(</span>redirectUri<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">whenNonNull</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token keyword">to</span><span class="token punctuation">(</span>registrationBuilder<span class="token operator">::</span><span class="token function">postLogoutRedirectUri</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		registrationBuilder<span class="token punctuation">.</span><span class="token function">tokenSettings</span><span class="token punctuation">(</span>tokenBuilder<span class="token punctuation">.</span><span class="token function">build</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		registrationBuilder<span class="token punctuation">.</span><span class="token function">clientSettings</span><span class="token punctuation">(</span>clientBuilder<span class="token punctuation">.</span><span class="token function">build</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token class-name">JdbcRegisteredClientRepository</span> registeredClientRepository <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">JdbcRegisteredClientRepository</span><span class="token punctuation">(</span>jdbcTemplate<span class="token punctuation">)</span><span class="token punctuation">;</span>
		registeredClientRepository<span class="token punctuation">.</span><span class="token function">save</span><span class="token punctuation">(</span>registrationBuilder<span class="token punctuation">.</span><span class="token function">build</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token keyword">return</span> registeredClientRepository<span class="token punctuation">;</span>
	<span class="token punctuation">}</span>

	<span class="token comment">/**
	 * 配置
	 * @param jwkSource 加密源
	 * @return JwtEncoder
	 */</span>
	<span class="token annotation punctuation">@Bean</span>
	<span class="token class-name">JwtEncoder</span> <span class="token function">jwtEncoder</span><span class="token punctuation">(</span><span class="token class-name">JWKSource</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">SecurityContext</span><span class="token punctuation">&gt;</span></span> jwkSource<span class="token punctuation">)</span> <span class="token punctuation">{</span>
		<span class="token keyword">return</span> <span class="token keyword">new</span> <span class="token class-name">NimbusJwtEncoder</span><span class="token punctuation">(</span>jwkSource<span class="token punctuation">)</span><span class="token punctuation">;</span>
	<span class="token punctuation">}</span>

	<span class="token annotation punctuation">@Bean</span>
	<span class="token class-name">JwtDecoder</span> <span class="token function">jwtDecoder</span><span class="token punctuation">(</span><span class="token class-name">JWKSource</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">SecurityContext</span><span class="token punctuation">&gt;</span></span> jwkSource<span class="token punctuation">)</span> <span class="token punctuation">{</span>
		<span class="token keyword">return</span> <span class="token class-name">OAuth2AuthorizationServerConfiguration</span><span class="token punctuation">.</span><span class="token function">jwtDecoder</span><span class="token punctuation">(</span>jwkSource<span class="token punctuation">)</span><span class="token punctuation">;</span>
	<span class="token punctuation">}</span>

	<span class="token annotation punctuation">@Bean</span>
	<span class="token class-name">JWKSource</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">SecurityContext</span><span class="token punctuation">&gt;</span></span> <span class="token function">jwkSource</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
		<span class="token class-name">RSAKey</span> rsaKey <span class="token operator">=</span> <span class="token function">getRsaKey</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token class-name">JWKSet</span> jwkSet <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">JWKSet</span><span class="token punctuation">(</span>rsaKey<span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token keyword">return</span> <span class="token punctuation">(</span>jwkSelector<span class="token punctuation">,</span> securityContext<span class="token punctuation">)</span> <span class="token operator">-&gt;</span> jwkSelector<span class="token punctuation">.</span><span class="token function">select</span><span class="token punctuation">(</span>jwkSet<span class="token punctuation">)</span><span class="token punctuation">;</span>
	<span class="token punctuation">}</span>

	<span class="token comment">/**
	 * 配置
	 * @param jwtEncoder 加密编码
	 * @return OAuth2TokenGenerator&lt;OAuth2Token&gt;
	 */</span>
	<span class="token annotation punctuation">@Bean</span>
	<span class="token class-name">OAuth2TokenGenerator</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">OAuth2Token</span><span class="token punctuation">&gt;</span></span> <span class="token function">tokenGenerator</span><span class="token punctuation">(</span><span class="token class-name">JwtEncoder</span> jwtEncoder<span class="token punctuation">)</span> <span class="token punctuation">{</span>
		<span class="token class-name">JwtGenerator</span> generator <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">JwtGenerator</span><span class="token punctuation">(</span>jwtEncoder<span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token keyword">return</span> <span class="token keyword">new</span> <span class="token class-name">DelegatingOAuth2TokenGenerator</span><span class="token punctuation">(</span>generator<span class="token punctuation">,</span> <span class="token keyword">new</span> <span class="token class-name">OAuth2AccessTokenGenerator</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
				<span class="token keyword">new</span> <span class="token class-name">OAuth2RefreshTokenGenerator</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
	<span class="token punctuation">}</span>

	<span class="token comment">/**
	 * 配置
	 * @return AuthorizationServerSettings
	 */</span>
	<span class="token annotation punctuation">@Bean</span>
	<span class="token annotation punctuation">@ConditionalOnMissingBean</span><span class="token punctuation">(</span><span class="token class-name">AuthorizationServerSettings</span><span class="token punctuation">.</span><span class="token keyword">class</span><span class="token punctuation">)</span>
	<span class="token class-name">AuthorizationServerSettings</span> <span class="token function">authorizationServerSettings</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
		<span class="token keyword">return</span> <span class="token class-name">AuthorizationServerSettings</span><span class="token punctuation">.</span><span class="token function">builder</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">build</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
	<span class="token punctuation">}</span>

	<span class="token comment">/**
	 * 密码编码
	 * @return PasswordEncoder
	 */</span>
	<span class="token annotation punctuation">@Bean</span>
	<span class="token annotation punctuation">@ConditionalOnMissingBean</span><span class="token punctuation">(</span><span class="token class-name">PasswordEncoder</span><span class="token punctuation">.</span><span class="token keyword">class</span><span class="token punctuation">)</span>
	<span class="token class-name">PasswordEncoder</span> <span class="token function">passwordEncoder</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
		<span class="token keyword">return</span> <span class="token class-name">PasswordEncoderFactories</span><span class="token punctuation">.</span><span class="token function">createDelegatingPasswordEncoder</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
	<span class="token punctuation">}</span>

	<span class="token comment">/**
	 * @param jdbcTemplate JDBC模板
	 * @param registeredClientRepository 注册信息
	 * @return OAuth2AuthorizationService
	 */</span>
	<span class="token annotation punctuation">@Bean</span>
	<span class="token annotation punctuation">@ConditionalOnMissingBean</span><span class="token punctuation">(</span><span class="token class-name">OAuth2AuthorizationService</span><span class="token punctuation">.</span><span class="token keyword">class</span><span class="token punctuation">)</span>
	<span class="token class-name">OAuth2AuthorizationService</span> <span class="token function">auth2AuthorizationService</span><span class="token punctuation">(</span><span class="token class-name">JdbcTemplate</span> jdbcTemplate<span class="token punctuation">,</span>
			<span class="token class-name">RegisteredClientRepository</span> registeredClientRepository<span class="token punctuation">)</span> <span class="token punctuation">{</span>
		<span class="token keyword">return</span> <span class="token keyword">new</span> <span class="token class-name">JdbcOAuth2AuthorizationService</span><span class="token punctuation">(</span>jdbcTemplate<span class="token punctuation">,</span> registeredClientRepository<span class="token punctuation">)</span><span class="token punctuation">;</span>
	<span class="token punctuation">}</span>

	<span class="token comment">/**
	 * 配置
	 * @param passwordEncoder 密码编码
	 * @param usersServiceImpl 用户认证
	 * @return AuthenticationProvider
	 */</span>
	<span class="token annotation punctuation">@Bean</span>
	<span class="token class-name">AuthenticationProvider</span> <span class="token function">authenticationProvider</span><span class="token punctuation">(</span><span class="token class-name">PasswordEncoder</span> passwordEncoder<span class="token punctuation">,</span> <span class="token class-name">UsersServiceImpl</span> usersServiceImpl<span class="token punctuation">)</span> <span class="token punctuation">{</span>
		<span class="token class-name">DaoAuthenticationProvider</span> daoAuthenticationProvider <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">DaoAuthenticationProvider</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		daoAuthenticationProvider<span class="token punctuation">.</span><span class="token function">setPasswordEncoder</span><span class="token punctuation">(</span>passwordEncoder<span class="token punctuation">)</span><span class="token punctuation">;</span>
		daoAuthenticationProvider<span class="token punctuation">.</span><span class="token function">setUserDetailsService</span><span class="token punctuation">(</span>usersServiceImpl<span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token keyword">return</span> daoAuthenticationProvider<span class="token punctuation">;</span>
	<span class="token punctuation">}</span>

	<span class="token comment">/**
	 * 配置
	 * @param jdbcTemplate JDBC模板
	 * @param registeredClientRepository 注册信息
	 * @return OAuth2AuthorizationConsentService
	 */</span>
	<span class="token annotation punctuation">@Bean</span>
	<span class="token annotation punctuation">@ConditionalOnMissingBean</span><span class="token punctuation">(</span><span class="token class-name">OAuth2AuthorizationConsentService</span><span class="token punctuation">.</span><span class="token keyword">class</span><span class="token punctuation">)</span>
	<span class="token class-name">OAuth2AuthorizationConsentService</span> <span class="token function">authorizationConsentService</span><span class="token punctuation">(</span><span class="token class-name">JdbcTemplate</span> jdbcTemplate<span class="token punctuation">,</span>
			<span class="token class-name">RegisteredClientRepository</span> registeredClientRepository<span class="token punctuation">)</span> <span class="token punctuation">{</span>
		<span class="token keyword">return</span> <span class="token keyword">new</span> <span class="token class-name">JdbcOAuth2AuthorizationConsentService</span><span class="token punctuation">(</span>jdbcTemplate<span class="token punctuation">,</span> registeredClientRepository<span class="token punctuation">)</span><span class="token punctuation">;</span>
	<span class="token punctuation">}</span>

	<span class="token keyword">private</span> <span class="token keyword">static</span> <span class="token class-name">RSAKey</span> <span class="token function">getRsaKey</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
		<span class="token class-name">KeyPair</span> keyPair <span class="token operator">=</span> <span class="token function">generateRsaKey</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token class-name">RSAPublicKey</span> publicKey <span class="token operator">=</span> <span class="token punctuation">(</span><span class="token class-name">RSAPublicKey</span><span class="token punctuation">)</span> keyPair<span class="token punctuation">.</span><span class="token function">getPublic</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token class-name">RSAPrivateKey</span> privateKey <span class="token operator">=</span> <span class="token punctuation">(</span><span class="token class-name">RSAPrivateKey</span><span class="token punctuation">)</span> keyPair<span class="token punctuation">.</span><span class="token function">getPrivate</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token keyword">return</span> <span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">RSAKey<span class="token punctuation">.</span>Builder</span><span class="token punctuation">(</span>publicKey<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">privateKey</span><span class="token punctuation">(</span>privateKey<span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">keyID</span><span class="token punctuation">(</span><span class="token constant">UUID</span><span class="token punctuation">.</span><span class="token function">randomUUID</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">toString</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">build</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
	<span class="token punctuation">}</span>

	<span class="token keyword">private</span> <span class="token keyword">static</span> <span class="token class-name">KeyPair</span> <span class="token function">generateRsaKey</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
		<span class="token keyword">try</span> <span class="token punctuation">{</span>
			<span class="token class-name">KeyPairGenerator</span> keyPairGenerator <span class="token operator">=</span> <span class="token class-name">KeyPairGenerator</span><span class="token punctuation">.</span><span class="token function">getInstance</span><span class="token punctuation">(</span><span class="token constant">ALGORITHM_RSA</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
			keyPairGenerator<span class="token punctuation">.</span><span class="token function">initialize</span><span class="token punctuation">(</span><span class="token number">2048</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
			<span class="token keyword">return</span> keyPairGenerator<span class="token punctuation">.</span><span class="token function">generateKeyPair</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token punctuation">}</span>
		<span class="token keyword">catch</span> <span class="token punctuation">(</span><span class="token class-name">Exception</span> var2<span class="token punctuation">)</span> <span class="token punctuation">{</span>
			<span class="token keyword">throw</span> <span class="token keyword">new</span> <span class="token class-name">IllegalStateException</span><span class="token punctuation">(</span>var2<span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token punctuation">}</span>
	<span class="token punctuation">}</span>

<span class="token punctuation">}</span>
</code></pre></div><h6 id="资源放行"><a href="#资源放行" class="header-anchor">#</a> 资源放行</h6> <div class="language-java extra-class"><pre class="language-java"><code><span class="token annotation punctuation">@Data</span>
<span class="token annotation punctuation">@Configuration</span>
<span class="token annotation punctuation">@RefreshScope</span>
<span class="token annotation punctuation">@ConditionalOnProperty</span><span class="token punctuation">(</span>havingValue <span class="token operator">=</span> <span class="token string">&quot;true&quot;</span><span class="token punctuation">,</span> matchIfMissing <span class="token operator">=</span> <span class="token boolean">true</span><span class="token punctuation">,</span> prefix <span class="token operator">=</span> <span class="token class-name">OAuth2AuthorizationServerProperties</span><span class="token punctuation">.</span><span class="token constant">PREFIX</span><span class="token punctuation">,</span>
		name <span class="token operator">=</span> <span class="token string">&quot;enabled&quot;</span><span class="token punctuation">)</span>
<span class="token annotation punctuation">@ConditionalOnWebApplication</span><span class="token punctuation">(</span>type <span class="token operator">=</span> <span class="token class-name">ConditionalOnWebApplication<span class="token punctuation">.</span>Type</span><span class="token punctuation">.</span><span class="token constant">SERVLET</span><span class="token punctuation">)</span>
<span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">OAuth2ResourceServerConfig</span> <span class="token punctuation">{</span>

	<span class="token comment">/**
	 * 不拦截拦截静态资源 如果您不想要警告消息并且需要性能优化，则可以为静态资源引入第二个过滤器链
	 * &lt;a href=&quot;https://github.com/spring-projects/spring-security/issues/10938&quot;&gt;...&lt;/a&gt;
	 * @param http http
	 * @return defaultSecurityFilterChain
	 * @throws Exception Exception
	 */</span>
	<span class="token annotation punctuation">@Bean</span>
	<span class="token class-name">SecurityFilterChain</span> <span class="token function">defaultSecurityFilterChain</span><span class="token punctuation">(</span><span class="token class-name">HttpSecurity</span> http<span class="token punctuation">,</span> <span class="token class-name">OAuth2AuthorizationServerProperties</span> properties<span class="token punctuation">)</span>
			<span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
		<span class="token class-name">Set</span><span class="token generics"><span class="token punctuation">&lt;</span><span class="token class-name">String</span><span class="token punctuation">&gt;</span></span> patterns <span class="token operator">=</span> <span class="token class-name">Optional</span><span class="token punctuation">.</span><span class="token function">ofNullable</span><span class="token punctuation">(</span>properties<span class="token punctuation">.</span><span class="token function">getRequestMatcher</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">getPatterns</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
				<span class="token punctuation">.</span><span class="token function">orElseGet</span><span class="token punctuation">(</span><span class="token class-name">HashSet</span><span class="token operator">::</span><span class="token keyword">new</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
		<span class="token keyword">return</span> http
				<span class="token punctuation">.</span><span class="token function">authorizeHttpRequests</span><span class="token punctuation">(</span>request <span class="token operator">-&gt;</span> request
						<span class="token punctuation">.</span><span class="token function">requestMatchers</span><span class="token punctuation">(</span>
								patterns<span class="token punctuation">.</span><span class="token function">stream</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">map</span><span class="token punctuation">(</span><span class="token class-name">AntPathRequestMatcher</span><span class="token operator">::</span><span class="token keyword">new</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">toArray</span><span class="token punctuation">(</span><span class="token class-name">AntPathRequestMatcher</span><span class="token punctuation">[</span><span class="token punctuation">]</span><span class="token operator">::</span><span class="token keyword">new</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
						<span class="token punctuation">.</span><span class="token function">permitAll</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">anyRequest</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">authenticated</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
				<span class="token punctuation">.</span><span class="token function">cors</span><span class="token punctuation">(</span><span class="token class-name">AbstractHttpConfigurer</span><span class="token operator">::</span><span class="token function">disable</span><span class="token punctuation">)</span>
				<span class="token comment">// 自定义登录页面</span>
				<span class="token comment">// https://docs.spring.io/spring-security/reference/servlet/authentication/passwords/form.html</span>
				<span class="token comment">// 登录页面 -&gt; DefaultLoginPageGeneratingFilter</span>
				<span class="token punctuation">.</span><span class="token function">formLogin</span><span class="token punctuation">(</span><span class="token class-name">Customizer</span><span class="token punctuation">.</span><span class="token function">withDefaults</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
				<span class="token comment">// 清除session</span>
				<span class="token punctuation">.</span><span class="token function">logout</span><span class="token punctuation">(</span>logout <span class="token operator">-&gt;</span> logout<span class="token punctuation">.</span><span class="token function">clearAuthentication</span><span class="token punctuation">(</span><span class="token boolean">true</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">invalidateHttpSession</span><span class="token punctuation">(</span><span class="token boolean">true</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">.</span><span class="token function">build</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
	<span class="token punctuation">}</span>

<span class="token punctuation">}</span>
</code></pre></div><p>我是老寇，我们下次再见啦！</p></div></div>  <div class="page-edit"><!----> <!----> <div class="last-updated"><span class="prefix">上次更新:</span> <span class="time">2023/09/26, 17:27:31</span></div></div> <div class="page-nav-wapper"><div class="page-nav-centre-wrap"><a href="/pages/192acb/" class="page-nav-centre page-nav-centre-prev"><div class="tooltip">API网关</div></a> <a href="/pages/10bfa8/" class="page-nav-centre page-nav-centre-next"><div class="tooltip">SSL证书</div></a></div> <div class="page-nav"><p class="inner"><span class="prev">
        ←
        <a href="/pages/192acb/" class="prev">API网关</a></span> <span class="next"><a href="/pages/10bfa8/">SSL证书</a>→
      </span></p></div></div></div> <!----></main></div> <div class="footer"><div class="icons"><a href="mailto:2413176044@qq.com" title="发邮件" target="_blank" class="iconfont icon-youjian"></a><a href="https://github.com/KouShenhai" title="GitHub" target="_blank" class="iconfont icon-github"></a></div> 
  Theme by
  <a href="https://github.com/xugaoyi/vuepress-theme-vdoing" target="_blank" title="本站主题">Vdoing</a> 
    | Copyright © 2022-2023
    <span>laokou | Apache 2.0 License</span></div> <div class="buttons"><div title="返回顶部" class="button blur go-to-top iconfont icon-fanhuidingbu" style="display:none;"></div> <div title="去评论" class="button blur go-to-comment iconfont icon-pinglun" style="display:none;"></div> <div title="主题模式" class="button blur theme-mode-but iconfont icon-zhuti"><ul class="select-box" style="display:none;"><li class="iconfont icon-zidong">
          跟随系统
        </li><li class="iconfont icon-rijianmoshi">
          浅色模式
        </li><li class="iconfont icon-yejianmoshi">
          深色模式
        </li><li class="iconfont icon-yuedu">
          阅读模式
        </li></ul></div></div> <!----> <!----> <!----></div><div class="global-ui"></div></div>
    <script src="/assets/js/app.c1130a26.js" defer></script><script src="/assets/js/2.4ec61f8d.js" defer></script><script src="/assets/js/16.284febc7.js" defer></script>
  </body>
</html>
